Objective: Lab goal

This lab strengthens identity security in your cloud environment. You’ll configure Azure AD Identity Protection, enforce MFA, and build Conditional Access policies to reduce risk from compromised accounts and risky sign‑ins.

  • Outcome 1: Identity Protection configured and risk policies enabled.
  • Outcome 2: MFA enforced for all users and admins.
  • Outcome 3: Conditional Access policies created and tested.
  • Outcome 4: Risk events monitored and documented.
Lab 22: Identity Protection & Conditional Access

Deliverables: End‑of‑lab checklist

  • DL22.1: Identity Protection risk policies configured.
  • DL22.2: MFA enforced for all users.
  • DL22.3: Conditional Access policies created.
  • DL22.4: Risk events reviewed and documented.
  • DL22.5: Screenshots and notes added to documentation.

Lab Steps: Step‑by‑step instructions

Step 1 – Enable Identity Protection

~45 minutes
  1. In the Azure Portal, navigate to Azure AD → Security → Identity Protection.
  2. Enable User Risk Policy and Sign‑in Risk Policy.
  3. Set actions to require password change or MFA for risky users.
  4. Save and validate the configuration.

Step 2 – Enforce Multi‑Factor Authentication (MFA)

~45 minutes
  1. Navigate to Azure AD → Users → Per‑User MFA.
  2. Enable MFA for all accounts, including admin roles.
  3. Test MFA login using an authenticator app or SMS.
  4. Document MFA enforcement results.

Step 3 – Create Conditional Access Policies

~60 minutes
  1. Navigate to Azure AD → Security → Conditional Access.
  2. Create policies for:
    • Require MFA for admin roles
    • Block legacy authentication
    • Restrict access from non‑compliant devices
  3. Assign policies to appropriate user groups.
  4. Test policy enforcement.

Step 4 – Monitor Risk Events

~30 minutes
  1. Review Risky Users and Risky Sign‑ins reports.
  2. Document detected events and remediation actions.
  3. Export logs for analysis in a SIEM.
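
An added example (not part of the original lab material) for checking exported sign-in logs against the Step 3 policies: it flags successful legacy-authentication sign-ins and risky sign-ins completed with a single factor. It assumes the export is a JSON array using Microsoft Graph signIn field names; the sample records and the medium/high risk threshold are constructed for illustration.

```python
import json

# Client app values the sign-in log reports for legacy (basic-auth) protocols.
LEGACY_CLIENTS = {"Exchange ActiveSync", "IMAP4", "POP3",
                  "Authenticated SMTP", "Other clients"}
# Assumption: treat medium and high sign-in risk as requiring MFA.
RISK_REQUIRING_MFA = {"medium", "high"}

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.test", "clientAppUsed": "Browser",
     "riskLevelDuringSignIn": "none",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.test", "clientAppUsed": "IMAP4",
     "riskLevelDuringSignIn": "none",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    # errorCode 53003: sign-in blocked by a Conditional Access policy.
    {"userPrincipalName": "carol@example.test", "clientAppUsed": "POP3",
     "riskLevelDuringSignIn": "none",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 53003}},
    {"userPrincipalName": "dave@example.test",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "riskLevelDuringSignIn": "high",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
])


def find_policy_gaps(export_text):
    """Return (user, finding) pairs for sign-ins the policies should have stopped."""
    findings = []
    for rec in json.loads(export_text):
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # failed or blocked sign-ins are the policies working
        user = rec.get("userPrincipalName", "<unknown>")
        if rec.get("clientAppUsed") in LEGACY_CLIENTS:
            findings.append((user, "legacy-auth-succeeded"))
        single = rec.get("authenticationRequirement") == "singleFactorAuthentication"
        if rec.get("riskLevelDuringSignIn") in RISK_REQUIRING_MFA and single:
            findings.append((user, "risky-signin-without-mfa"))
    return findings


if __name__ == "__main__":
    for user, finding in find_policy_gaps(SAMPLE_EXPORT):
        print(f"{finding}: {user}")
```

Any finding after the policies are enforced means a user or client is outside the policy assignment from Step 3 and should be documented under DL22.4.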

Reflection: What you should understand now

  • Identity Protection: How risk policies detect and mitigate compromised accounts.
  • MFA Enforcement: How multi‑factor authentication strengthens access control.
  • Conditional Access: How policies enforce secure access based on risk and context.

With identity protection and conditional access configured, you’re ready to integrate DevSecOps pipelines in Week 23.